Lost USB Drive Exposes Sensitive Data from Wolf and Company

The Boston-based CPA firm Wolf & Company recently began notifying an undisclosed number of people that their names and Social Security numbers may have been exposed when a USB drive was lost in the mail (h/t DataBreaches.net).

A Wolf & Company employee mailed a USB drive to a client, a bookkeeper, on March 11, 2014, but when the envelope arrived, the drive was missing. While the employee had been unaware that the drive contained sensitive information, it did include a QuickBooks file containing names and Social Security numbers.

"The bookkeeper said that the plastic envelope from the Postal Service was sealed, so we believe the USB drive is still at one of the Postal Service processing facilities," Wolf & Company information security officer Matthew J. Putvinski wrote in a letter [PDF] to the New Hampshire Attorney General's Office.

Still, Putvinksi noted, "We are in the process of changing our Information Security Policy to prohibit the mailing of all unencrypted portable media such [as] USB drives and CDs/DVDs regarding of whether or not we believe it contains sensitive personal information or not."

All those affected are being offered free access to credit monitoring services.